International oil company Saudi Aramco claims to be over a cyber attack on 15 August and maintains that oil production was not disrupted.

The company said around 30,000 workstation computers that were hit by a virus attack are back online, although remote access is still being restricted “as a precaution”.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Saudi Aramco has also not yet restored its website, displaying a message apologising for any inconvenience instead.

"We have isolated all our electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption which affected some sectors of our network," the message reads. “Most of the damage has now been repaired."

A group named the Cutting Sword of Justice – which blames the Saudi Government for “crimes and atrocities” in several countries – has claimed responsibility for the attack in an online forum.

The group said the state-run oil firm was hit because it was a key source of income for the government, according to the BBC.

Read more about malware

Last week, cybersecurity researchers uncovered a new threat called Shamoon that they said was targeting infrastructure in the energy sector, but Saudi Aramco has not said whether this was the malware involved in the attack on its network.

Researchers at security firm Symantec said Shamoon, also known as W32.Disttrack, corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable.

The attack is designed to penetrate a computer via the internet and then target other computers on the same network. Data on the targeted computers is replaced with image files to prevent data recovery.

Shamoon is the latest in a line of attacks that have targeted infrastructure. It follows Stuxnet – which was designed to hit nuclear infrastructure in Iran – and Duqu, Flame and Gauss, that have all sought to infiltrate networks to steal data.

With the increasing computerisation of critical infrastructure services, the energy and utility industries have never been more vulnerable to cyber attacks, according to security firm LogRhythm.

“Shamoon highlights the cascading effect that an attack can have on other infrastructure sectors and capabilities,” said Ross Brewer, vice-president and managing director International Markets at LogRhythm.

All the signs point to the threat landscape getting worse for utilities

Ross Brewer, vice-president and managing director, LogRhythm

A fundamental challenge faced by utilities is that supervisory control and data acquisition (SCADA) systems, which are in charge of infrastructure control systems, were never really designed to be secure from an IT perspective, he said.

With much of existing national infrastructure developed prior to the rise of the internet, Brewer said the focus of control system security is often limited to physical assets.

“Unfortunately, all the signs point to the threat landscape getting worse for utilities. One can only hope that the growing number of attacks aimed at these critical systems will serve as a wake-up call to policy makers across both private and public sectors,” he said.

Brewer believes that attacks on critical systems are inevitable and that both public and private entities must take adequate steps to ensure the ongoing security of their systems.

“As such, they must look to security intelligence platforms that have the capabilities to combine continuous event correlation for early threat detection, deep forensic search to understand the scope of impact and attack origin, as well as rapid and intelligent response to remediate any potential damage in real time,” he said.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy